SECURITY LIFECYCLE REVIEW Acme Corporation
PREPARED BY Acme
www.acmecorporation.com

The Security Lifecycle Review summarizes the threat exposure and security risks facing Acme Corporation and the customers connecting to their networks. The data used for this analysis was gathered by Palo Alto Networks during the report time period. The report provides actionable intelligence and risk assessment around the applications, URL traffic, and types of content that are traversing the Acme Corporation network, as well as the volume and types of threats and vulnerabilities that are observed. Recommendations are provided that can be employed to reduce the overall risk exposure for both the network operator and their customers.

Industry Average Period: 9 DAYS
Tue, Apr 02, 2019 - Wed, Apr 10, 2019

Confidential Information - Do Not Redistribute

TABLE OF CONTENTS
 3  Executive Summary
 4  Applications
      Applications at a Glance
      Applications that Introduce Risk
      Applications that Introduce Risk — Detail
      SaaS Applications
16  URL Activity
      URL Activity
17  File Transfer
      File Transfer Analysis
18  Threats
      Threats at a Glance
      High-Risk and Malicious File Type Analysis
      Application Vulnerabilities
      Known and Unknown Malware
      Command and Control Analysis
25  Summary

ACME CORPORATION | SECURITY LIFECYCLE REVIEW | INDUSTRY AVERAGE PERIOD: 9 DAYS | Page 2

EXECUTIVE SUMMARY FOR Acme Corporation

The Security Lifecycle Review summarizes the business and security risks facing Acme Corporation. The data used for this analysis was gathered by Palo Alto Networks during the report time period. The report provides actionable intelligence around the applications, URL traffic, types of content, and threats traversing the network, including recommendations that can be employed to reduce the organization’s overall risk exposure.

KEY FINDINGS

631 APPLICATIONS IN USE
631 total applications are in use, presenting potential business and security challenges. As critical functions move outside of an organization’s control, employees use non-work-related applications, or cyberattackers use them to deliver threats and steal data.

137 HIGH RISK APPLICATIONS
137 high-risk applications were observed, including those that can introduce or hide malicious activity, transfer files outside the network, or establish unauthorized communication.

165 SAAS APPLICATIONS
165 SaaS applications were observed in your network. To maintain administrative control, adopt SaaS applications that will be managed by your IT team.

8,155,948 VULNERABILITY EXPLOITS
8,155,948 total vulnerability exploits were observed in your organization, including brute-force, info-leak and code-execution.

11,846,851 TOTAL THREATS
11,846,851 total threats were found on your network, including vulnerability exploits, malware, and outbound command and control activity.

31,479 MALWARE DETECTED
488 known malware and 30,991 unknown malware events were observed in your organization.

APPLICATIONS

Applications at a Glance

Applications can introduce risk, such as delivering threats, potentially allowing data to leave the network, enabling unauthorized access, lowering productivity, or consuming corporate bandwidth. This section provides visibility into the applications in use, allowing you to make an informed decision on potential risk versus business benefit.

KEY FINDING
High-risk applications such as file-sharing, photo-video and email were observed on the network, which should be investigated due to their potential for abuse.

631 total applications were seen on the network across 28 sub-categories, as opposed to an industry average of 207 total applications seen in other High Technology organizations. 16.2 TB was used by all applications, including networking with 6.97 TB, compared to an industry average of 6.87 TB in similar organizations.

HIGH-RISK APPLICATIONS (number of applications: Acme Corporation / Industry Average)
  file-sharing         27 /  6
  photo-video          23 /  6
  email                17 /  4
  social-networking    13 /  3
  internet-utility     10 /  4

The first step to managing security and business risk is identifying which applications can be abused to cause the most harm. We recommend closely evaluating applications in these categories to ensure they are not introducing unnecessary compliance, operational, or cyber security risk.

NUMBER OF APPLICATIONS ON NETWORK
  Acme Corporation     631
  Industry Average     207
  All Organizations    226

BANDWIDTH CONSUMED BY APPLICATIONS
  Acme Corporation     16.20 TB
  Industry Average      6.87 TB
  All Organizations     4.86 TB

CATEGORIES WITH THE MOST APPLICATIONS
The following categories have the most application variants, and should be reviewed for business relevance.
(number of applications: Acme Corporation / Industry Average)
  business-systems    178 /  65
  collaboration       154 /  44
  media               109 /  47
  general-internet    102 /  35
  networking           88 /  33

CATEGORIES CONSUMING THE MOST BANDWIDTH
Bandwidth consumed by application category shows where application usage is heaviest, and where you could reduce operational resources.
(bandwidth: Acme Corporation / Industry Average)
  networking          6.97 TB  /   2.45 TB
  media               3.27 TB  / 155.07 GB
  general-internet    2.86 TB  / 966.84 GB
  collaboration       1.78 TB  / 178.20 GB
  business-systems    1.32 TB  /   3.11 TB

Applications that Introduce Risk

The top applications (sorted by bandwidth consumed) for application subcategories that introduce risk are displayed below, including industry benchmarks on the number of variants across other High Technology organizations. This data can be used to more effectively prioritize your application enablement efforts.

RISK LEVEL: 5 = High, then 4, 3, 2, 1

KEY FINDING
A total of 631 applications were seen in your organization, compared to an industry average of 207 in other High Technology organizations. The most common types of application subcategories are photo-video, management and file-sharing. The application subcategories consuming the most bandwidth are encrypted-tunnel, photo-video and internet-utility.

EMAIL: 26 applications in the subcategory (industry average 8), 363.85 G
TOP EMAIL APPS
  smtp                  134.29 G
  ms-exchange           101.14 G
  gmail-base             92.62 G
  outlook-web-online     18.10 G
  comcast-webmail         7.88 G
  yahoo-mail              3.23 G
  lotus-notes-base        2.80 G
  icloud-mail             2.60 G

REMOTE-ACCESS: 27 applications in the subcategory (industry average 6), 73.32 G
TOP REMOTE-ACCESS APPS
  ms-rdp                 24.73 G
  dameware-mini-remote   23.87 G
  teamviewer-base         8.35 G
  citrix                  5.68 G
  x11                     3.90 G
  pcoip                   2.48 G
  logmeinrescue         761.66 M
  vnc-base              748.36 M

FILE-SHARING: 52 applications in the subcategory (industry average 13), 95.39 G
TOP FILE-SHARING APPS
  skydrive-base              31.69 G
  mega                       15.47 G
  ms-onedrive-base            9.98 G
  hightail-base               7.26 G
  boxnet-base                 6.65 G
  dropbox                     6.25 G
  sourceforge-file-transfer   5.26 G
  mediafire                   5.01 G

ENCRYPTED-TUNNEL: 15 applications in the subcategory (industry average 5), 4.36 T
TOP ENCRYPTED-TUNNEL APPS
  ssl              3.79 T
  ssh            340.80 G
  dtls           201.97 G
  mobility-xe     12.95 G
  ciscovpn         7.04 G
  ipsec-esp-udp    6.06 G
  open-vpn       494.07 M
  ipsec-esp      431.17 M

INSTANT-MESSAGING: 26 applications in the subcategory (industry average 8), 16.76 G
TOP INSTANT-MESSAGING APPS
  facebook-chat     10.78 G
  ms-lync-base       2.55 G
  ms-lync-online     1.87 G
  msn-base         605.22 M
  whatsapp-base    293.57 M
  wechat-base      239.77 M
  jabber           123.04 M
  hipchat           75.57 M

SOCIAL-NETWORKING: 45 applications in the subcategory (industry average 12), 1.28 T
TOP SOCIAL-NETWORKING APPS
  facebook-base       1.15 T
  twitter-base       69.78 G
  tumblr-base        23.84 G
  google-plus-base   23.47 G
  linkedin-base      12.11 G
  pinterest-base      6.04 G
  yammer            848.37 M
  reddit-base       286.30 M

PHOTO-VIDEO: 72 applications in the subcategory (industry average 19), 2.82 T
TOP PHOTO-VIDEO APPS
  youtube-base        909.16 G
  facebook-video      621.13 G
  http-video          464.57 G
  instagram-base      264.37 G
  rtp-base            147.38 G
  netflix-streaming   115.92 G
  streampix            39.57 G
  rtmpt                39.39 G

PROXY: 1 application in the subcategory (industry average 1), 773.98 G
TOP PROXY APPS
  http-proxy   773.98 G

Applications that Introduce Risk — Detail

RISK  APPLICATION         CATEGORY       SUB CATEGORY  TECHNOLOGY     BYTES      SESSIONS
5     smtp                collaboration  email         client-server  134.29 GB  339933
4     ms-exchange         collaboration  email         client-server  101.14 GB  149758
4     gmail-base          collaboration  email         browser-based   92.62 GB  911938
3     outlook-web-online  collaboration  email         browser-based   18.1 GB   320821
3     comcast-webmail     collaboration  email         browser-based    7.88 GB   42201
3     yahoo-mail          collaboration  email         browser-based    3.23